Rare Kaspersky bug locks up operating system

Summary: By sending a computer running Kaspersky Internet Security 2013 a specially crafted IPv6 packet, attackers can cause the operating system to hang.

A bug in Kaspersky Internet Security 2013 can cause the host operating system to lock up when the software receives a specially crafted IPv6 packet.

Posting on the Full Disclosure mailing list earlier this week, security consultant Marc Heuse said that if IPv6 connectivity to the target machine was possible, an attacker could send a specially crafted packet that would result in a denial of service.

"A fragmented packet with multiple but one large extension header leads to a complete freeze of the operating system. No log message or warning window is generated, nor is the system able to perform any task," he wrote.

At the time, Heuse said that the only solution was to remove the offending part of the product, or uninstall it in its entirety.

According to Heuse, he had previously reported the bug to Kaspersky on January 21, and again on February 14.

"No feedback was given by Kaspersky, and the reminder contained a warning that without feedback, the bug would be disclosed on this day. So here we are."

Although it did not acknowledge receiving Heuse's earlier warnings, Kaspersky Lab has since confirmed that the fault lay with one of its system drivers.

"A private patch is currently available on demand, and an autopatch will soon be released to fix the problem automatically on every computer protected by Kaspersky Internet Security 2013," the company told ZDNet.

"Although Kaspersky Lab acknowledges the issue, it would like to stress that there was no threat of malicious activity affecting the PCs of any users who may have experienced this rare problem.

"Kaspersky Lab would like to apologize for any inconvenience caused. Actions have been taken to prevent such incidents from occurring in the future."

Topics: Security

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.
